CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/03/23 12:0 a.m.•1 views

Towards Secure Retrieval-Augmented Generation: A Comprehensive Review of Threats, Defenses and Benchmarks

Retrieval-Augmented Generation RAG significantly mitigates the hallucinations and domain knowledge deficiency in large language models by incorporating external knowledge bases. However, the multi-module architecture of RAG introduces complex system-level security vulnerabilities. Guided by the R...

5.8AI score

CNNVD•added 2026/03/23 12:0 a.m.•7 views

WWBN AVideo 加密问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to encryption. These vulnerabilities stemmed from the lack of authentication during the decryptString operation, which could lead to...

7.5CVSS5.8AI score0.00234EPSS

Hacker One•added 2026/03/22 4:50 a.m.•10 views

AWS VDP: Encryption context keys and values logged at INFO level

Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...

5.9AI score

Hacker One•added 2026/03/22 4:44 a.m.•14 views

AWS VDP: V2Plugin.Decrypt panics on empty ciphertext (Remote DoS)

A vulnerability was discovered in the "aws-encryption-provider" component where the "V2Plugin.Decrypt" function accessed the ciphertext slice without checking if it was empty, leading to a panic and crashing the entire gRPC server process...

5.8AI score

Hacker One•added 2026/03/22 4:40 a.m.•11 views

AWS VDP: V1Plugin.Decrypt panics on empty ciphertext (Remote DoS)

A vulnerability was discovered in the aws-encryption-provider component of the pkg/plugin/plugin.go file at revision 4341c70. The vulnerability caused the V1Plugin.Decrypt function to panic when passed an empty ciphertext, crashing the entire gRPC server process. This was due to the function...

5.8AI score

NVD•added 2026/03/21 1:16 p.m.•8 views

CVE-2019-25549

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the...

6.9CVSS0.00119EPSS

Exploits1References3

CVE•added 2026/03/21 12:46 p.m.•10 views

CVE-2019-25549

VeryPDF PCL Converter 2.7 has a denial-of-service vulnerability: a local attacker can crash the application by supplying an excessively long password in PDF Security, triggering a buffer overflow when processing PCL files (reported with a ~3000-byte password). The CVSS data indicate local access,...

6.9CVSS6.1AI score0.00119EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/03/21 12:0 a.m.•4 views

PT-2026-26895

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...

6.9CVSS6.1AI score0.00177EPSS

Exploits1References4

NVD•added 2026/03/20 11:16 p.m.•4 views

CVE-2026-33204

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...

7.5CVSS0.00481EPSS

Vulnrichment•added 2026/03/20 10:37 p.m.•6 views

CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering

ATTACKERKB•added 2026/03/20 10:37 p.m.•6 views

CVE-2026-33204

Exploits1References3Affected Software1

EUVD•added 2026/03/20 10:37 p.m.•8 views

EUVD-2026-13871

Cvelist•added 2026/03/20 10:37 p.m.•21 views

CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering

7.5CVSS0.00481EPSS

OSV•added 2026/03/20 10:37 p.m.•4 views

CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering

7.5CVSS5.8AI score0.00481EPSS

Exploits1References4

CVE•added 2026/03/20 10:37 p.m.•11 views

CVE-2026-33204

CVE-2026-33204 affects the PHP library SimpleJWT prior to v1.1.1. An unauthenticated attacker can trigger a Denial of Service by tampering JWE headers when PBES2 algorithms are used, causing excessive PBKDF2 iterations during JWE::decrypt() on attacker-controlled JWEs. The issue is fixed in v1.1....

Exploits1References2Affected Software1

Snyk•added 2026/03/20 8:46 p.m.•5 views

Command Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection via the sanitizeFFmpegCommand function. An attacker can execute arbitrary commands on the standalone encoder server by injecting shell command...

9.2CVSS6.1AI score0.02061EPSS